Handling of invalid packets
Thu, 30 Sep 1999 11:15:59 +0100
Paul Rusty Russell writes ("Re: Handling of invalid packets "):
> In message <E11WH3k-0007Ynemail@example.com> you write:
> > > /* Let locally-generated evil packets through. */
> > Yuck! Surely there's a cleaner way to do that?
> Yep, for 0.1.10 I moved it into a separate hook function for
> local-out, to avoid the test in ipt_hook.
> But the packet filter code assumes a valid IP header (it's far
> easier); this can be violated with root and raw sockets. What do you
The test is to prevent a program that hasn't been written yet from
violating an assumption made elsewhere in the code. I think that
justifies a comment in the code saying what the test is for (rather
than what the test does, which we can see anyway).
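
Added example, not part of the original message and not the netfilter code: a sketch of a local-out header sanity check of the kind discussed in this thread, carrying a comment that says what the test is for rather than what it does. The function name, verdict enum and sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV4_MIN_HDR 20u /* fixed part of an IPv4 header, in bytes */

enum hdr_verdict { HDR_OK, HDR_TRUNCATED, HDR_BAD_VERSION, HDR_BAD_IHL, HDR_BAD_TOTLEN };

/*
 * Purpose: the rule-matching code that runs after this check reads the IP
 * header without re-validating it. A privileged process writing to a raw
 * socket can emit a packet whose header breaks that assumption, so
 * locally generated packets are screened here, before any rule looks at
 * them. (Assumption of this sketch: the caller decides what to do with a
 * packet that fails; the check itself only classifies.)
 */
enum hdr_verdict ipv4_header_check(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < IPV4_MIN_HDR)
        return HDR_TRUNCATED;

    unsigned version = pkt[0] >> 4;
    size_t hdr_len = (size_t)(pkt[0] & 0x0f) * 4;    /* IHL is in 32-bit words */
    size_t tot_len = ((size_t)pkt[2] << 8) | pkt[3]; /* network byte order */

    if (version != 4)
        return HDR_BAD_VERSION;
    if (hdr_len < IPV4_MIN_HDR || hdr_len > len)
        return HDR_BAD_IHL;
    if (tot_len < hdr_len || tot_len > len)
        return HDR_BAD_TOTLEN;
    return HDR_OK;
}

/* Constructed sample headers (checksums left as zero, not verified here). */
const uint8_t sample_ok[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0,
                                64, 17, 0, 0, 127, 0, 0, 1, 127, 0, 0, 1 };
const uint8_t sample_bad_ihl[20] = { 0x42, 0, 0, 20, 0, 0, 0, 0,
                                     64, 17, 0, 0, 127, 0, 0, 1, 127, 0, 0, 1 };
const uint8_t sample_bad_totlen[20] = { 0x45, 0, 0, 16, 0, 0, 0, 0,
                                        64, 17, 0, 0, 127, 0, 0, 1, 127, 0, 0, 1 };

int main(void)
{
    printf("ok=%d bad_ihl=%d bad_totlen=%d\n",
           ipv4_header_check(sample_ok, sizeof sample_ok),
           ipv4_header_check(sample_bad_ihl, sizeof sample_bad_ihl),
           ipv4_header_check(sample_bad_totlen, sizeof sample_bad_totlen));
    return 0;
}
```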